Echo
6811f84a7c
- pm-auth::password: Argon2id (m=65536,t=3,p=1) hashing + verification - pm-auth::jwt: EdDSA/Ed25519 JWT issuance + validation (15-min TTL) - pm-auth::refresh: Opaque 256-bit refresh tokens, SHA-256 hashed, 1-hour sliding inactivity timeout, rotation on use, revocable - pm-auth::mfa_totp: TOTP setup/verify (HMAC-SHA1, 6-digit, 30s) with otpauth:// URI generation (Google Authenticator compatible) - pm-auth::mfa_webauthn: Stub (full implementation deferred) - pm-auth::rbac: Axum middleware for JWT auth + IP whitelist + admin/operator role enforcement + FromRequestParts extractor - pm-auth::session: Full login flow (password → MFA → tokens), token refresh, logout, force-logout - pm-web auth routes: POST /api/v1/auth/login|refresh|logout, GET /api/v1/auth/mfa/setup, POST /api/v1/auth/mfa/verify - IP whitelist middleware on all protected connection points - migrations/002_seed_admin.sql: Default admin account seed - Frontend: Auth store (Zustand with persistence), login page with MFA prompt, MFA setup page (stepper), JWT auto-refresh interceptor, route guards (RequireAuth), updated App.tsx routing - cargo check --workspace: zero errors, 1 minor warning Closes M2.
Linux Patch Manager
Enterprise-class secure web-based management interface for controlling patching and updates on Linux servers and workstations.
Overview
Linux Patch Manager provides a centralized web interface to manage patching and software updates across a fleet of Linux servers and workstations. It communicates with managed devices through the Linux Patch API, leveraging mTLS-secured RESTful endpoints for all operations.
Key Features
- Centralized Dashboard — Monitor patch status across all managed hosts from a single interface
- Multi-Distribution Support — Manage Debian/Ubuntu, RHEL/CentOS/Fedora, Alpine, and Arch hosts
- Secure by Design — mTLS authentication, role-based access control, audit logging
- Batch Operations — Apply patches and updates across multiple hosts simultaneously
- Scheduling — Plan and schedule patch windows with approval workflows
- Reporting — Compliance reporting and patch status dashboards
Architecture
Linux Patch Manager is a web application that acts as a management plane, communicating with the Linux Patch API agent running on each managed host.
┌─────────────────────┐
│ Linux Patch Manager │ ← Web UI (this project)
│ (Management Plane) │
└──────────┬──────────┘
│ mTLS / REST API
┌──────┼──────┐
▼ ▼ ▼
┌──────┐┌──────┐┌──────┐
│ Host ││ Host ││ Host │ ← Linux Patch API agents
│ A ││ B ││ C │
└──────┘└──────┘└──────┘
Documentation
| Document | Description |
|---|---|
| SPEC.md | Full project specification |
| ARCHITECTURE.md | Architecture and design decisions |
| REQUIREMENTS.md | Functional and non-functional requirements |
Related Projects
- Linux Patch API — The API agent that runs on each managed host
License
Private — All rights reserved.